ACA: Complication for Websites

On May 18, 2016, the Department of Health and Human Services (“HHS”) issued a final rule implementing Section 1557 of the Patient Protection and Affordable Care Act (ACA), which prohibits discrimination on the grounds of race, color, national origin, sex, age or disability in certain health programs and activities. Effective July 18, 2016, the final rule, “Nondiscrimination in Health Programs and Activities,” required entities covered by the rule to comply with certain accessibility requirements applicable to their use of technology in the provision of services.

The rule applies to: (i) every health program or activity, any part of which receives federal financial assistance provided or made available by HHS; (ii) health insurance plans and marketplaces; and (iii) HHS itself. The rule defines “HHS financial assistance” broadly, to include almost all types of financial benefit transfers, among them grants, loans, credits, subsidies or transfers of real or personal property (but excludes Medicare Part B payments). Key points of the rule include the following:

First, the rule requires entities covered by it to make all programs and activities provided through electronic and information technology (e.g., a website) accessible for individuals with disabilities, unless doing so would impose undue financial or administrative burden. In addition, such entities must provide appropriate auxiliary aids and services when necessary to ensure an equal opportunity for persons with disabilities to participate in and benefit from the entity’s health programs or activities. Auxiliary aids and services include qualified sign language interpreters, captioning, large print materials, screen reader software, text telephones and video remote interpreting services. In short, entities covered by the rule must take appropriate steps to ensure that communications with individuals with disabilities are as effective as communications with others, in accordance with Title II of the Americans with Disabilities Act of 1990 and related regulations.

Second, entities covered by the rule must take reasonable steps to provide meaningful access to individuals with limited English proficiency eligible to be served or likely to be encountered in their health programs and activities. This includes providing language assistance services, such as oral language assistance or written translation, free of charge and in a timely manner.

Third, entities covered by the rule must comply with certain procedural requirements. Specifically, the rule requires applicable entities with 15 or more employees to have a grievance procedure, to identify at least one individual accountable for coordinating the regulated entity’s compliance and to have a written process in place for handling grievances.

In addition, entities covered by the rule that operate websites must post on the website notices of nondiscrimination and taglines that alert individuals with limited English proficiency to the availability of language assistance services. Such taglines must be posted in at least the top 15 non-English languages spoken in the state in which the entity is located or does business.

For healthcare providers operating in the digital health industry as well as for software and other technology vendors working with health care providers, the rule may create a number of challenges. Website accessibility has likewise been the focus of increasing litigation, and a number of high-profile settlements have emphasized the potential risks entities may face by failing to address technology-based accessibility issues. Providers would be well advised to review their websites and other customer-facing technology with counsel to determine the applicability of the rule to their activities, as well as any broader accessibility considerations and exposure.

This article is from Jones Day Digital Health Law Update. For more like this, see: http://www.jonesday.com/digital-health-law-update-vol-ii-issue-4-08-08-2016/.

In Third Parties We (Mis)trust?

Technology is transforming trust. Never before has there been a time when it’s been easier to start a distant geographical relationship. With a credible website and reasonable products or services, people are prepared to learn about companies half a world away and enter into commerce with them.

Society is changing radically when people find themselves trusting people with whom they’ve had no experience, e.g. on eBay or Facebook, more than with banks they’ve dealt with their whole lives.

Mutual distributed ledgers pose a threat to the trust relationship in financial services.

The History of Trust

Trust leverages a history of relationships to extend credit and benefit of the doubt to someone. Trust is about much more than money; it’s about human relationships, obligations and experiences and about anticipating what other people will do.

In risky environments, trust enables cooperation and permits voluntary participation in mutually beneficial transactions that are otherwise costly to enforce or cannot be enforced by third parties. By taking a risk on trust, we increase the amount of cooperation throughout society while simultaneously reducing the costs, unless we are wronged.

Trust is not a simple concept, nor is it necessarily an unmitigated good, but trust is the stock-in-trade of financial services. In reality, financial services trade on mistrust. If people trusted each other on transactions, many financial services might be redundant.

People use trusted third parties in many roles in finance, for settlement, as custodians, as payment providers, as poolers of risk. Trusted third parties perform three roles:

  • validate – confirming the existence of something to be traded and membership of the trading community;
  • safeguard – preventing duplicate transactions, i.e. someone selling the same thing twice or “double-spending”;
  • preserve – holding the history of transactions to help analysis and oversight, and in the event of disputes.

A ledger is a book, file or other record of financial transactions. People have used various technologies for ledgers over the centuries. The Sumerians used clay cuneiform tablets. Medieval folk split tally sticks. In the modern era, the implementation of choice for a ledger is a central database, found in all modern accounting systems. In many situations, each business keeps its own central database with all its own transactions in it, and these systems are reconciled, often manually and at great expense if something goes wrong.

But in cases where many parties interact and need to keep track of complex sets of transactions they have traditionally found that creating a centralized ledger is helpful. A centralized transaction ledger needs a trusted third party who makes the entries (validates), prevents double counting or double spending (safeguards) and holds the transaction histories (preserves). Over the ages, centralized ledgers are found in registries (land, shipping, tax), exchanges (stocks, bonds) or libraries (index and borrowing records), just to give a few examples.

The latest technological approach to all of this is the distributed ledger (aka blockchain aka distributed consensus ledger aka the mutual distributed ledger, or MDL, the term we’ll stick to here). To understand the concept, it helps to look back over the story of its development:

1960/’70s: Databases

The current database paradigm began around 1970 with the invention of the relational model, and the widespread adoption of magnetic tape for record-keeping. Society runs on these tools to this day, even though some important things are hard to represent using them. Trusted third parties work well on databases, but correctly recording remote transactions can be problematic.

One approach to remote transactions is to connect machines and work out the lumps as you go. But when data leaves one database and crosses an organizational boundary, problems start. For Organization A, the contents of Database A are operational reality, true until proven otherwise. But for Organization B, the message from A is a statement of opinion. Orders sit as “maybe” until payment is made and has cleared past the last possible chargeback: this tentative quality is always attached to data from the outside.

1980/’90s: Networks

Ubiquitous computer networking came of age two decades after the database revolution, starting with protocols like email and hitting its full flowering with the invention of the World Wide Web in the early 1990s. The network continues to get smarter, faster and cheaper, as well as more ubiquitous – and it is starting to show up in devices like our lightbulbs under names like the Internet of Things. While machines can now talk to each other, the systems that help us run our lives do not yet connect in joined-up ways.

Although in theory information could just flow from one database to another with your permission, in practice the technical costs of connecting databases are huge. Worse, we go back to paper and metaphors from the age of paper because we cannot get the connection software right. All too often, the computer is simply a way to fill out forms: a high-tech paper simulator. It is nearly impossible to get two large entities to share our information between them on our behalf.

Of course, there are attempts to clarify this mess – to introduce standards and code reusability to help streamline business interoperability. You can choose from EDI, XML-EDI, JSON, SOAP, XML-RPC, JSON-RPC, WSDL and half a dozen more standards to “assist” your integration processes. The reason there are so many standards is that none of them finally solved the problem.

Take the problem of scaling collaboration. Say that two of us have paid the up-front costs of collaboration and have achieved seamless technical harmony, and now a third partner joins our union, then a fourth and a fifth … by five partners, we have 13 connections to debug, by 10 partners the number is 45. The cost of collaboration keeps going up for each new partner as they join our network, and the result is small pools of collaboration that just will not grow. This isn’t an abstract problem – this is banking, this is finance, medicine, electrical grids, food supplies and the government.

A common approach to this quadratic quandary is to put somebody in charge, a hub-and-spoke solution. We pick an organization – Visa would be typical – and all agree that we will connect to Visa using its standard interface. Each organization has to get just a single connector right. Visa takes 1% off the top, making sure that everything clears properly.

But while a third party may be trusted, it doesn’t mean it is trustworthy. There are a few problems with this approach, but they can be summarized as “natural monopolies.” Being a hub for others is a license to print money for anybody that achieves incumbent status. Visa gets 1% or more of a very sizeable fraction of the world’s transactions with this game; Swift likewise.

If you ever wonder what the economic upside of the MDL business might be, just have a think about how big that number is across all forms of trusted third parties.

2000/’10s: Mutual Distributed Ledgers

MDL technology securely stores transaction records in multiple locations with no central ownership. MDLs allow groups of people to validate, record and track transactions across a network of decentralized computer systems with varying degrees of control of the ledger. Everyone shares the ledger. The ledger itself is a distributed data structure held in part or in its entirety by each participating computer system. The computer systems follow a common protocol to add transactions. The protocol is distributed using peer-to-peer application architecture. MDLs are not technically new – concurrent and distributed databases have been a research area since at least the 1970s. Z/Yen built its first one in 1995.

Historically, distributed ledgers have suffered from two perceived disadvantages: insecurity and complexity. These two perceptions are changing rapidly because of the growing use of blockchain technology, the MDL of choice for cryptocurrencies. Cryptocurrencies need to:

  • validate – have a trust model for time-stamping transactions by members of the community;
  • safeguard – have a set of rules for sharing data of guaranteed accuracy;
  • preserve – have a common history of transactions.

If faith in the technology’s integrity continues to grow, then MDLs might substitute for two roles of a trusted third party: preventing duplicate transactions and providing a verifiable public record of all transactions. Trust moves from the third party to the technology. Emerging techniques, such as smart contracts and decentralized autonomous organizations, might in the future also permit MDLs to act as automated agents.

A cryptocurrency like bitcoin is an MDL with “mining on top.” The mining substitutes for trust: “proof of work” is simply proof that you have a warehouse of expensive computers working, and the proof is the output of their calculations! Cryptocurrency blockchains do not require a central authority or trusted third party to coordinate interactions, validate transactions or oversee behavior.

However, when the virtual currency is going to be exchanged for real-world assets, we come back to needing trusted third parties to trade ships or houses or automobiles for virtual currency. A big consequence may be that the first role of a trusted third party, validating an asset and identifying community members, becomes the most important. This is why MDLs may challenge the structure of financial services, even though financial services are here to stay.

Boring ledgers meet smart contracts

MDLs and blockchain architecture are essentially protocols that can work as well as hub-and-spoke for getting things done, but without the liability of a trusted third party in the center that might choose to exploit the natural monopoly. Even with smaller trusted third parties, MDLs have some magic properties, the same agreed data on all nodes, “distributed consensus,” rather than passing data around through messages.

In the future, smart contracts can store promises to pay and promises to deliver without having a middleman or exposing people to the risk of fraud. The same logic that secured “currency” in bitcoin can be used to secure little pieces of detached business logic. Smart contracts may automatically move funds in accordance with instructions given long ago, like a will or a futures contract. For pure digital assets there is no counterparty risk because the value to be transferred can be locked into the contract when it is created, and released automatically when the conditions and terms are met: If the contract is clear, then fraud is impossible, because the program actually has real control of the assets involved rather than requiring trustworthy middle-men like ATM machines or car rental agents. Of course, such structures challenge some of our current thinking on liquidity.

Long Finance has a Zen-style koan, “if you have trust I shall give you trust; if you have no trust I shall take it away.” Cryptocurrencies and MDLs are gaining more and more trust. Trust in contractual relationships mediated by machines sounds like science fiction, but the financial sector has profitably adapted to the ATM machine, Visa, Swift, Big Bang, HFT and many other innovations. New ledger technology will enable new kinds of businesses, as reducing the cost of trust and fixing problems allows new kinds of enterprises to be profitable. The speed of adoption of new technology sorts winners from losers.

Make no mistake: The core generation of value has not changed; banks are trusted third parties. The implication, though, is that much more will be spent on identity, such as Anti-Money-Laundering/Know-Your-Customer backed by indemnity, and asset validation, than transaction fees.

A U.S. political T-shirt about terrorists and religion inspires a closing thought: “It’s not that all cheats are trusted third parties; it’s that all trusted third parties are tempted to cheat.” MDLs move some of that trust into technology. And as costs and barriers to trusted third parties fall, expect demand and supply to increase.

Cyber Threats to Watch This Year

2015 was a year in which cyber criminals continued to innovate and expand their activities. As 2016 commences, look for insider threats to take center stage and for leading companies to respond. Meanwhile, cybersecurity and privacy issues will continue to reverberate globally. Here are a few predictions for the coming year:

Ed note_Edward Stroz

Cyber threats and elections – Threat actors targeted the websites and emails of presidential candidates in 2008 and 2012. Campaign websites continue to be used to raise money, making them targets for hacktivists and cyber criminals alike. Expect to see U.S. primary frontrunners and eventual nominees successfully targeted and to see at least one campaign undermined by a data breach.

IoT spurs new rules – This will be the year consumers awaken to security and privacy concerns attendant to the Internet of Things. A major physical disruption — through the breach of a connected car or medical device or weak security in a connected toy — will spur regulators and consumers to demand action. Expect companies to spend untold amounts on testing and retrofitting IoT devices to meet hastily approved “privacy and security by design” rules.

Insider threats get addressed – Insider threats — current or ex-employees with knowledge of, and access to, the corporate network — will take center stage in 2016. This will push human resources leaders onto cross-functional cybersecurity teams in many organizations. Expect leading-edge companies to invest in technologies that identify and, in some cases, prevent insider threats before they cause material damage.

International data flows narrow – Uncertainty arising from the demise of the EU-U.S. Safe Harbor pact will disrupt international data flows. Expanding European nationalism, distrust of U.S. surveillance and subpoena power, the prospect of triggering huge fines for transborder transfers and political disputes over alternatives will drive some U.S. companies to avoid doing business with Europe altogether. Meanwhile, other multinationals will opt to segregate business functions geographically by building local cloud services and data centers that protect them from penalties.

Boardroom shuffle – With concern mounting over cyber risks, organizations will evaluate fresh approaches to ensure boards are well-informed and comfortable making strategic decisions. Expect the appointment of specialist, non-executive cyber directors and the formation of dedicated cyber-risk committees (similar to audit committees) with independent advisers. Regulators may also pursue the concept of “cyber competent” people as a requirement for boards.

Cyber insurance spike – Demand for cyber liability coverage will continue to rise. Expect premiums to also rise because of constantly evolving threats, immature risk models and an underdeveloped reinsurance market. This will affect retailers, healthcare providers, banks and others that are considered high risk. Uncertainty about the concentration of exposure will lead regulators to impose cyber incident “stress testing.” This is a way to model the impact of multiple, simultaneous incidents on cyber insurance carriers — and potentially stop those that fail these tests from writing new policies.

The 3 Best Websites on Healthcare

These are three websites I read every day and from which I draw a huge amount of useful information:

  1. The Doctor Weighs In, hosted by Dr. Patricia Salber. TDWI is truly mind-expanding. She explores topics from the relationship between morality and religion to detecting post-surgery respiratory problems. Here is a link to The Doctor Weighs In.
  2. They Said What?, hosted by the inimitable Al Lewis and Vik Khanna. They go about exploding one healthcare myth after another and do so with appropriate satire, hilarious quotes and self-immolating vendor screenshots. I can’t go to this website without learning valuable information and having a good laugh. Who doesn’t like a good satire? Here is a link to They Said What? My advice: start with “This is your brain on wellness.”
  3. Not Running a Hospital, hosted by Paul Levy. Not Running a Hospital goes way beyond what the title implies…and way beyond healthcare in general. It, too, is mind-expanding. He covers topics from math education to healthcare myths and back again. Here is a link to Not Running a Hospital.

I urge you to add these websites to your bookmarks and visit them often.

The Future of Telematics Is… Italy

The black box used for telematics makes it possible for insurers to enrich their auto insurance value proposition by adding services built upon data. These services represent a way of de-commoditizing the car insurance policy and are also a source of income. In the medium/long term, such services will become more and more important as the risks covered by car insurance decrease because of technological progress on security and connected cars. These services also increase the number of interactions with the client, creating a richer connection and improving customer satisfaction. This is true both for Italy and at an international level.

There are three macro categories when it comes to services:

  1. Informational services related to the UBI (usage-based insurance) policy, typically delivered through a smartphone app or a dedicated area on a website. These services concern: quantification of pricing adjustment at the moment of the contract renewal based on previous driving behavior; coaching and advice regarding the style of driving; advice on how to save more while behind the wheel; “gamification” that allows a comparison of one’s own driving style with that of friends. Intact, a Canada-based company, and Discovery, which is based in South Africa, can be considered among the most advanced examples that currently use this type of approach. According to recent data made available by a telematics service provider, four out of five clients owning a telematics insurance policy check their driver score at least once a month. Furthermore, there is evidence that remote coaching programs can lead to concrete results in modifying driving behavior.
  2. Product offers related to the client’s automobile — like Discovery has done in South Africa with the Tires or like Allstate Rewards — or insurance policies sold “on the go” using data collected from the boxes installed on cars (a process known as reverse geocoding). Tokio Marine (Japan-based) and telephone operator NTT Docomo have shown that impulse “cross-selling” of low-value insurance coverage is a valid approach.
  3. Services related to the customer journey in a connected car.

There is a vast array of services that can be developed within the connected car ecosystem, and the technology is moving fast. There are start-ups and innovative business models popping up everywhere around the world. To cite just a recent Italian example, there is WoW — a digital wallet created by CheBanca! — which has integrated a parking payment service called Smarticket.it.

Services can be observed at three stages of the customer journey:

  • While behind the wheel. Services include bad weather alert, speeding alert, dedicated concierge and even an alert that is activated if the car leaves a pre-defined “safe area” (family “control” options for young or old members of the family). Discovery’s approach in this field is highly relevant and includes an anti-theft service that signals to the client if the driver has a different driving style compared with the usual one;
  • In case of an incident. Here the Italian market is considered to be an international best practice because of how it has perfected the usage of telematics data to manage services. Many companies here have invested in creating a valuable customer experience by involving partners specialized in assistance. The solutions provided in case of an incident start with contacting the client and — depending on the gravity of the event — continue with sending help directly and taking care of all the logistic and case management problems that can arise. Innovation is now focusing more on simplifying the FNOL (first notice of loss) procedure. One such example is Ania, Italian Association of Insurers, which has announced for 2016 the launch of an app for FNOL.
  • While the car is parked. Beyond locating and recovering the car in case of theft, the blackbox can send alerts when the vehicle is moved or damaged in any way. This also allows a driver to locate a parked vehicle. There are three Italian companies – TUA, Cattolica and Cargeas – that have recently launched innovative value propositions for parked cars. One of the best practices is the street sweeping alert by Metromile.

In this new service ecosystem, insurers will find themselves forced to co-compete (that is, collaborate and compete) with different actors that are active in the connected car sector.

Italy is at the moment one of the most advanced countries in terms of service development connected to telematics; such services have become mainstream, not just a niche. At the end of 2014, telematics represented 15% of motor insurance sales and renewals in Italy, reaching 30% in some regions, as underlined by a recent analysis by IVASS.

This creates the perfect conditions for the consolidation of approaches driven by insurance companies.